Lucene search
+L

79 matches found

SUSE CVE
SUSE CVE
added 2026/07/11 3:22 a.m.9 views

SUSE CVE-2026-53363

In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: preserve shared-frag marker in iptfsconsumefrags iptfsconsumefrags transfers paged fragments from one socket buffer to another but fails to propagate the SKBFLSHAREDFRAG flag. This is the same class of bug that was...

6AI score0.00295EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/07/10 11:55 a.m.8 views

CVE-2026-53363

In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: preserve shared-frag marker in iptfsconsumefrags iptfsconsumefrags transfers paged fragments from one socket buffer to another but fails to propagate the SKBFLSHAREDFRAG flag. This is the same class of bug that was...

6AI score0.00295EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.12 views

CVE-2026-40914

A flaw was found in Apache ActiveMQ Artemis STOMP. An authenticated user with send or consume permission on an address can change that address's routing-type even without createAddress. As a result, send or consume operations that should be rejected for an unsupported routing-type may succeed,...

4.3CVSS6AI score0.00372EPSS
Exploits0References4
OSV
OSV
added 2026/05/28 3:39 p.m.6 views

GHSA-RF99-F9J2-GV3F Apache Artemis has an Incorrect Authorization issue

A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permission for...

4.3CVSS5.7AI score0.00372EPSS
Exploits0References7
Snyk
Snyk
added 2026/05/28 2:42 p.m.7 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the updateAddressInfo and createAddress methods. A user with consume or send permssions can modify the routing-type of an address - e.g. from ANYCAST to MULTICAST. Remediation Upgrade...

5.4CVSS5.8AI score0.00372EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/28 2:42 p.m.8 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the updateAddressInfo and createAddress methods. A user with consume or send permssions can modify the routing-type of an address - e.g. from ANYCAST to MULTICAST. Remediation Upgrade...

5.4CVSS5.8AI score0.00372EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/28 12:28 p.m.7 views

CVE-2026-40914

A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permission for...

5.8AI score0.00372EPSS
Exploits0References2Affected Software2
OSV
OSV
added 2026/05/28 12:28 p.m.2 views

CVE-2026-40914 Apache Artemis Stomp Protocol, Apache ActiveMQ Artemis Stomp Protocol: Address routing-type can be updated by STOMP protocol user without the createAddress permission

A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permission for...

4.3CVSS6AI score0.00372EPSS
Exploits0References5
CVE
CVE
added 2026/05/28 12:28 p.m.40 views

CVE-2026-40914

CVE-2026-40914 describes a vulnerability in Apache Artemis (and Apache ActiveMQ Artemis) where a STOMP-authenticated user with either consume or send permission on an address can augment the address routing-type without having createAddress permission for that address. This allows sending or cons...

4.3CVSS5.8AI score0.00372EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/28 12:28 p.m.17 views

EUVD-2026-32894

A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permission for...

5.8AI score0.00372EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

Apache ActiveMQ和Apache ActiveMQ Artemis 安全漏洞

Apache ActiveMQ and Apache ActiveMQ Artemis are both products of the Apache Foundation in the United States. Apache ActiveMQ is an open-source messaging middleware that supports Java Message Service, clustering, Spring Framework, etc. Apache ActiveMQ Artemis is a high-performance open-source...

4.3CVSS5.8AI score0.00372EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.20 views

PT-2026-44367

Name of the Vulnerable Software and Affected Versions Apache Artemis versions 2.50.0 through 2.53.0 Apache ActiveMQ Artemis versions 2.0.0 through 2.44.0 Description An issue exists where an application using the STOMP Simple Text Oriented Messaging Protocol protocol can augment the routing-type ...

4.3CVSS5.8AI score0.00372EPSS
Exploits0References7
OSV
OSV
added 2026/05/27 11:53 a.m.19 views

SUSE-SU-2026:2092-1 Security update for go1.26-openssl

This update for go1.26-openssl fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: 'go tool...

7.5CVSS6AI score0.00813EPSS
Exploits0References25
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: mlx5: Fixed a leak in skb during fifo resync and push operations. During the ptp resync operation, SKBs were popped from the fifo, but they were never freed either by napiconsume or by devkfreeskbany. Added a call to...

5.4AI score0.00166EPSS
Exploits0References1
OSV
OSV
added 2026/05/17 8:17 p.m.10 views

SUSE-SU-2026:21804-1 Security update for go1.26

This update for go1.26 fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: "go tool pack" does...

7.5CVSS6AI score0.00813EPSS
Exploits0References25
RedHat Linux
RedHat Linux
added 2026/05/14 11:37 p.m.4 views

net/mail: golang: net/mail: Denial of Service via pathological email address parsing

A flaw was found in the net/mail package within the Go standard library. A remote attacker could provide specially crafted, pathological email addresses. When these malformed email addresses are parsed by the consumePhrase function, it can lead to excessive resource consumption due to quadratic...

7.5CVSS6.9AI score0.00798EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/07 9:30 p.m.10 views

EUVD-2026-28432

Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322...

5.8AI score0.00798EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/05/06 7:40 a.m.8 views

CVE-2026-43098

In the Linux kernel, the following vulnerability has been resolved: nfc: s3fwrn5: allocate rx skb before consuming bytes s3fwrn82uartread reports the number of accepted bytes to the serdev core. The current code consumes bytes into recvskb and may already deliver a complete frame before allocatin...

5.5CVSS5.8AI score0.00123EPSS
Exploits0
Snyk
Snyk
added 2026/05/06 4:12 a.m.8 views

Off-by-one Error

Overview Affected versions of this package are vulnerable to Off-by-one Error in the ConsumeUnit16Array and ConsumeUnit64Array functions. An attacker can cause a process crash by supplying a specially crafted .evtx file to the parseevtx VQL plugin on Windows and Linux systems. Remediation A fix w...

5.5CVSS5.8AI score0.00142EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/06 4:12 a.m.6 views

Off-by-one Error

Overview Affected versions of this package are vulnerable to Off-by-one Error in the ConsumeUnit16Array and ConsumeUnit64Array functions. An attacker can cause a process crash by supplying a specially crafted .evtx file to the parseevtx VQL plugin on Windows and Linux systems. Remediation A fix w...

5.5CVSS5.8AI score0.00142EPSS
Exploits0References2
Rows per page
Query Builder